<br><br><div class="gmail_quote">On Fri, Nov 4, 2011 at 3:42 AM, Jacob Appelbaum <span dir="ltr"><<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5"><br>
> What makes either of them able to provide an accurate figure?<br>
<br>
</div></div>The same thing that would allow you to provide an accurate figure - a<br>
hypothesis, a methodology for collection of evidence, analysis of<br>
evidence and well - peer review of the results?<br></blockquote><div><br></div><div>What peer review?</div><div><br></div><div>Conference talks are not peer review. Putting up a Web page is not peer review.</div><div><br>
</div><div>The EFF methodology has been shown to be false so they should if they were honest take down the claim and stop making it. Instead they repeat the figure to the press as incontrovertible fact. That is not peer review it is gross malpractice.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
They have served up the goods, they explained the way they came to their<br>
conclusions, they've given talks, they've showed the data, etc.<br></blockquote><div><br></div><div>No, they have not. </div><div><br></div><div>Go look at the DFN root. They know those are 200 data points in their study that are not what they say. </div>
<div><br></div><div>If you show the data and it is demonstrated that you can't support the interpretation you have to withdraw the claim.</div><div><br></div><div>EFF is a political body not a peer review body. They are making a tendentious political claim and they are making a claim that they cannot support.</div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Did I miss your version of that? I guess so. Could you show me?</blockquote><div><br></div><div>I have demonstrated that the EFF figures are a fraud. They have admitted that they can't justify the 200 figure.</div><div>
<br></div><div>Now you are claiming them to be peer reviewed.</div><div><br></div><div>Can't you see how this creates something of a credibility gap?</div><div><br></div><div><br></div><div>The EFF page links to two talks. It does not have a link to a peer reviewed journal paper. Not that peer review is incontrovertible. And in any case their self-published paper does not actually make the 650 CAs claim in the unqualified form that they make on their Web site.</div>
<div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
><br>
> In the case of the EFF study the methodology is flawed, they have been<br>
> advised of the issue, they accept that they cannot tell if an intermediate<br>
> cert is a public CA or not. Yet they keep making the claim.<br>
><br>
<br>
</div>How is the methodology flawed? This is news to me, I'd love to hear more<br>
about it? Who at the EFF has been advised of the issue? Is there just a<br>
thread that I'm missing here?</blockquote><div><br></div><div>The 650 'organizations' claimed to be a CA are identified by intermediate issuer certificates. That is a bollocks methodology as they admit in the paper (but not the web site). Mere existence of an intermediate cert does not tell you anything about the issue capability or who holds the keys.</div>
<div><br></div><div>Take a look at their graph. The largest node in the graph is DFN which is the German higher education consortium. They have 200 certs all by themselves.</div><div><br></div><div><br></div><div>None of those 200 organizations is a CA according to any accepted definition. They are LRAs, Registration Authorities that act for a limited scope. If DFN are doing their job correctly those organizations should not have their own private keys and should not be issuing for anything other than the domains that they have been vetted for.</div>
<div><br></div><div>This was pointed out six months ago but there has been no modification of the claim.</div><div><br></div><div>At the very least they can no longer support the number they give. But they still make the unqualified claim on their Web site.</div>
<div><br></div><div><br></div><div>And don't start with 'well its imperfect'. That 200 figure is a third of their total and it is due to a single point in their graph. That pretty much demolishes their methodology.</div>
<div><br></div><div>Worse, introducing intermediate certs for LRAs is an important risk mitigation control that we want to see more of. Here we have a political lobby group fixing on that figure and trying to play scary bogey monsters with it. That is disgusting in my view.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> The number of WebTrust audits of CAs would probably be the place to start<br>
> since anything that is acting as a public CA that is not being audited<br>
> should not be.<br>
><br>
<br>
</div>Is that public information that you can link to?</blockquote><div><br></div><div>Not yet. There is a gap between some person demanding information and publishing a tendentious claim and people working out how to get an accurate number.</div>
<div><br></div><div>Not being able to produce an accurate claim does not give the EFF the right to peddle a fraudulent one.</div><div><br></div><div>Yes I am rather pissed about this, can you tell?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
That was rather unclear as I am neither the EFF nor making that claim.</blockquote><div><br></div><div><a href="https://www.eff.org/observatory">https://www.eff.org/observatory</a></div><div><br></div><div>"<span class="Apple-style-span" style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px; line-height: 21px; background-color: rgb(255, 255, 255); ">For the public, the slide decks from our </span><a href="https://www.eff.org/files/DefconSSLiverse.pdf" style="font-size: 14px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; font: inherit; color: rgb(204, 0, 0); text-decoration: none; font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; line-height: 21px; background-color: rgb(255, 255, 255); ">DEFCON 18</a><span class="Apple-style-span" style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px; line-height: 21px; background-color: rgb(255, 255, 255); "> and </span><a href="https://www.eff.org/files/ccc2010.pdf" style="font-size: 14px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; font: inherit; color: rgb(204, 0, 0); text-decoration: none; font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; line-height: 21px; background-color: rgb(255, 255, 255); ">27C3</a><span class="Apple-style-span" style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px; line-height: 21px; background-color: rgb(255, 255, 255); "> talks are available, and you can also peruse </span><a href="https://www.eff.org/files/colour_map_of_CAs.pdf" style="font-size: 14px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; font: inherit; color: rgb(204, 0, 0); text-decoration: none; font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; line-height: 21px; background-color: rgb(255, 255, 255); ">our second map of the 650-odd organizations that function as Certificate Authorities</a><span class="Apple-style-span" style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px; line-height: 21px; background-color: rgb(255, 255, 255); "> trusted (directly or indirectly) by Mozilla or Microsoft."</span></div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"><br>
> I can't give a figure right now. But we should be able to get a figure once<br>
> the minimum criteria for DV issue are applied.<br>
<br>
</div>If you can't give a figure, why do you dispute their figure? You don't<br>
have a figure but you're sure it's way off? Huh. Ok...</blockquote><div><br></div><div>I have demonstrated that they have a flaw in their methodology. They accept that they cannot make the inference that an intermediate cert maps to a CA. </div>
<div><br></div><div>If someone came up with a measure of the amount of gold in Fort Knox based on remote viewing, my inability to produce an accurate figure would in no way compromise my ability to criticize theirs.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> It should be somewhere between 30 and 50 entities performing the domain<br>
> validation part of the criteria after the dust settles.<br>
><br>
<br>
</div>How do you count sub-CAs under large educational institutions in Europe<br>
that are the subordinate of say, Comodo?</blockquote><div><br></div><div>They are not CAs. They are Registration Authorities. </div><div><br></div><div>This is the terminology we have been using for 25 years now. The RAs do not control keying material.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> Then there is a much larger number of resellers some of which perform some<br>
> validation steps for OV validation but do not have keys and do not perform<br>
> the domain name checking.<br>
><br>
<br>
</div>If one of these signs a cert with 'CA = True' - what just happened?<br></blockquote><div><br></div><div>They can't since they don't have a private key. They can ask a CA to issue but not issue or sign themselves.</div>
<div><br></div><div>There might be a bug in the CA software that allows them greater access than they should have and get the CA to issue such a cert. But that is a different matter.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Does that increase your number? I have a few of those from various<br>
research projects - will you discount them?<br>
<div class="im"><br>
><br>
> It wasn't my idea to let all those roots into the browsers in the first<br>
> place. My idea for minimum standards for SSL cert issue was pretty much EV.<br>
><br>
<br>
</div>Huh. I think well beyond the browser here - are you limiting the CA<br>
count simply to the browser?</blockquote><div><br></div><div>If you go beyond the CAs recognized as embedded roots then everyone with a PGP key is a CA and the number is anything you like.</div><div><br></div><div>The EFF page says '<span class="Apple-style-span" style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif; font-size: 14px; line-height: 21px; background-color: rgb(255, 255, 255); ">We have downloaded datasets of all of the publicly-visible SSL certificates on the IPv4 Internet"</span> </div>
<div><br></div><div>Which suggests it is limited to embedded SSL certs.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"><br>
> No, they both turn into matters of integrity when a half truth is<br>
> intentionally used to advance a political agenda. Gilmore has repeatedly<br>
> used the 650 figure as evidence in his attacks on the CA model. He does not<br>
> put in the caveats that the authors used in the paper, nor does the EFF in<br>
> their press releases.<br>
><br>
<br>
</div>You're quoted above as saying that you can't publish a number but you<br>
think their methodology for arriving at a number is flawed. It seems<br>
like the thing thing to do is to publish about the correct methodology<br>
and also publish some numbers derived from that methodology.<br></blockquote><div><br></div><div>Sure. But until we can get an accurate figure the EFF must withdraw their figure that they cannot support.</div><div><br></div>
<div>And they should give equal prominence to their retraction.</div><div><br></div><div>Again, I was not the party who claimed that an accurate figure could be produced.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
There is a very serious difference between an intentional backdoor and a<br>
methodology that you claim is flawed with some un-cited facts. </blockquote><div><br></div><div>I have pointed out the issue on numerous occasions. I have taken it up with members of the EFF board. This is hardly an obscure criticism. That you have not heard about it before suggests you were not looking very hard.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
As far as the politics angle, you're a self professed benefactor and<br>
proponent of the CA model. Do you claim that you're free of a political<br>
agenda? That seems like an odd stone to throw...<br></blockquote><div><br></div><div>Gilmore is hardly free of political bias here. He has published on the IETF lists stating that his objective is to destroy the CA system. </div>
<div><br></div><div>The EFF is a political campaign body. So accusing others of having a political agenda is rather odd.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
> Sorry, that is a dishonest way to conduct a debate.<br>
<br>
</div>It is far more dishonest to try to argue from authority and to accuse<br>
rather than disprove. You do not assume good faith and well, huh, I<br>
wonder why that is?</blockquote><div><br></div><div>Because I pointed out the issue months ago and the same claim is being repeated without any of the caveats that the investigators accepted</div><div><br></div><div>You can't measure the number of CAs from the number of intermediate certs. That is just a fact of the way PKI works. There may be other ways the number can be measured but that is a completely different matter.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">>> Citation please.<br>
><br>
><br>
> Personal conversation with US intelligence.`<br>
<br>
</div>Which branch? Do you have a clearance? If so... is it TS-SCI? If so, did<br>
you just lose it? If not, who are you kidding?</blockquote><div><br></div><div>The information is not classified or I would not have shared it. Some of us do not have quite the same level of adversarial relationship with people in that world as you do. Well not at present.</div>
<div><br></div><div>And BTW getting a clearance is easy. I would bet that if you applied for one they would be falling over themselves to grant it. Once you get a clearance they can control what you say. I can almost certainly gain access to far more information from those people due to the fact that I can trade it than they would ever let me have if I had a clearance.</div>
<div><br></div><div><br></div><div>First hit on the Google:</div><div><br></div><div><a href="http://www.neowin.net/news/iranian-government-encourages-piracy">http://www.neowin.net/news/iranian-government-encourages-piracy</a></div>
<div><br></div><div><p style="border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; margin-top: 0px; margin-right: 0px; margin-bottom: 16px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); font-size: 13px; outline-width: 0px; outline-style: initial; outline-color: initial; vertical-align: baseline; line-height: 19px; color: rgb(68, 68, 68); font-family: 'Segoe UI', Segoe, Helvetica, Arial, FreeSans, sans-serif; ">
The Iranian Research Organization for Science and <a href="http://www.neowin.net/news/iranian-government-encourages-piracy#" id="itxthook0" rel="nofollow" class="itxtrst itxtrsta itxthook" style="margin-top: 0px !important; margin-right: 0px !important; margin-bottom: 0px !important; margin-left: 0px !important; padding-top: 0px; padding-right: 0px; padding-bottom: 1px; padding-left: 0px; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: transparent; vertical-align: baseline; cursor: pointer; color: rgb(51, 102, 153); outline-style: none; outline-width: initial; outline-color: initial; -webkit-transition-property: color; -webkit-transition-duration: 0.1s; -webkit-transition-timing-function: linear; -webkit-transition-delay: initial; float: none !important; left: auto; right: auto; top: auto; bottom: auto; border-top-style: none; border-right-style: none; border-bottom-style: solid; border-left-style: none; border-width: initial; border-color: initial; line-height: normal; text-align: left; position: static !important; display: inline !important; font-family: inherit; border-bottom-color: rgb(51, 102, 153); border-bottom-width: 0.1em; "><span id="itxthook0w0" class="itxtrst itxtrstspan itxthookspan" style="border-style: initial; border-color: initial; margin-top: 0px !important; margin-right: 0px !important; margin-bottom: 0px !important; margin-left: 0px !important; padding-top: 0px !important; padding-right: 0px !important; padding-bottom: 0px !important; padding-left: 0px !important; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: transparent; font-size: inherit; outline-width: 0px; outline-style: initial; outline-color: initial; vertical-align: baseline; float: none; left: auto; right: auto; top: auto; bottom: auto; border-top-style: none; border-right-style: none; border-bottom-style: solid; border-left-style: none; border-width: initial; border-color: initial; position: static; display: inline; font-family: inherit; border-width: initial; border-color: initial; border-width: initial; border-color: initial; border-width: initial; border-color: initial; border-bottom-width: 2px; border-bottom-color: transparent; ">Technology</span></a> (IROST), an organization directly connected to the Iranian Government, is charged with evaluating and advising policy makers on science and technology issues. They are also host to a large FTP server full of pirated software. Searching the FTP you will be able to find a wide range of applications all legal to download and use if you are an Iranian citizen.</p>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Interestingly, I know for a fact that some people in Iran use Free<br>
Software whenever possible because of the sanctions that make purchasing<br>
Windows illegal. So is your rumor platform specific?</blockquote><div><br></div><div>I don't bother much with determining the existence or the extent of an attack. All plausible threats are realized if you wait a little while. Back in the day we had people jumping up and down at spam conferences saying that there was no proof that botnets were being used for distribution.</div>
<div><br></div><div>If the report is bogus, well thats great because we have maybe another six months lead time to close it in.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">
><br>
> Why wouldn't they try to compromise the machines? Seems like an obvious<br>
> attack for them to do. If the US government tells me that Iran is following<br>
> a course of action that is obvious to me I tend to believe them unless<br>
> proven otherwise.<br>
><br>
<br>
</div>Compromise which machines? End user machines? Yeah, of course.</blockquote><div><br></div><div>Seems like a rather more practical approach than compromising CAs and diverting the whole net through a Blue Coat box.</div>
<div><br></div><div>I noticed that the Iranian propaganda campaign stopped rather suddenly when I used the platform they gave me to warn people about the Warez vulnerability.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
At ISS world in DC a few weeks ago, I heard an SS8 shill discuss their<br>
SSL interception gear. He said that people in the audience should a CA<br>
cert for use with their product. Huh, how would they... oh, right. I<br>
asked which one and he declined to answer because they didn't want a big<br>
story in the press. Huh, how about that.</blockquote><div><br></div><div>It seems unlikely that any CA would issue that type of cert if they thought it was likely to leak.</div><div><br></div><div>So what we need is a mechanism for detecting that type of cert. Which is precisely what I just proposed in the WebSec working group.</div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
><br>
> All these systems are turtles stacked on turtles. It is really easy to<br>
> design a system that works if you are allowed to insert a single magic<br>
> turtle that is absolutely trustworthy into the stack.<br>
><br>
> And is it really easy to collapse someone else's stack by pointing out that<br>
> their turtle may not be trustworthy after all.<br>
><br>
> If you want to go round pointing at other people's magic turtles and point<br>
> out that they are not so magic then they get to point out your magic<br>
> turtles.<br>
><br>
<br>
</div>There are no magic turtles in Tor or in open data sets or in published<br>
work about your magic turtle industry. Your analogy requires the use of<br>
magic turtles and thus, well, I'm sorry to say that your analogy is<br>
totally bogus.<br>
<br>
Imperfection does not mean that things are magic turtles.</blockquote><div><br></div><div>Wasn't it Moxie who pointed out that the exit nodes from the Tor network are a magic turtle?</div><div><br></div><div>And all software schemes rest on the 'code integrity' turtle. </div>
<div><br></div><div>It is a very hard problem.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
> DANE has a magic turtle called ICANN. In the case of Convergence the<br>
> description does not even begin to explain what the turtle is let alone why<br>
> it could be magic.<br>
<br>
</div>DANE is compatible with the CA model and augments it with DNSSEC. DANE<br>
like Convergence is totally complementary to the CA model.<br></blockquote><div><br></div><div>That is what you and I think. It is not what the remaining group working on it believe. </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
DANE and Convergence have potential problems. The trade-off is that they<br>
both realistically help alleviate the actual problems with the CA only<br>
model. None of these weaknesses are magic turtles. They're designs with<br>
strengths and weaknesses. The notion that we should trust a single<br>
entity and never verify things is a dead path for trust.</blockquote><div><br></div><div>Agreed. That is why I have been pushing that model since last year.</div><div><br></div><div><br></div></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
<br>